import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;

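public class JdbcDemo05 {
    /**
     * Shows why splicing values into SQL text is unsafe.
     *
     * <p>The {@code password} literal contains a quote and an {@code or} clause. Once it is
     * concatenated into the query string, the predicate reads {@code ... or '1'='1 '}, so the
     * password is no longer checked at all. The fix for real input is a
     * {@link java.sql.PreparedStatement} with {@code ?} placeholders and {@code setString(...)},
     * which makes the driver treat the values as data rather than as SQL.
     *
     * @param args ignored
     * @throws SQLException if the statement cannot be obtained or the query fails
     */
    public static void main(String[] args) throws SQLException {
        String account = "123456";
        String password = "1' or '1'='1 ";
        // Deliberately vulnerable: the values become part of the SQL text.
        String sql = "select * from user where account ='" + account + "' and password='" + password + "'";
        System.out.println(sql); // select * from user where account ='123456' and password='1' or '1'='1 '

        // try-with-resources closes the Statement on every path, including when executeQuery
        // throws; the original never closed it. Closing a Statement also closes its ResultSet.
        // NOTE(review): the Connection behind JDBCUtil.getStatement() is not visible here —
        // confirm JDBCUtil releases it.
        try (Statement statement = JDBCUtil.getStatement()) {
            ResultSet resultSet = statement.executeQuery(sql);
            try {
                while (resultSet.next()) {
                    System.out.println(resultSet.getString(2));
                }
            } finally {
                // Kept from the original; the project helper may do more than ResultSet.close().
                JDBCUtil.close(resultSet);
            }
        }
    }
}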
